Research Repository

All Outputs (69)

Re-framing "the AMN": a case study eliciting and modelling a system of systems using the Afghan Mission Network. (2017)
Conference Proceeding
KI-ARIES, D., FAILY, S., DOGAN, H. and WILLIAMS, C. 2017. Re-framing "the AMN": a case study eliciting and modelling a system of systems using the Afghan Mission Network. In Assar, S., Pastor, O. and Mouratidis, H. (eds.) Proceedings of the 11th IEEE international conference on research challenges in information science (RCIS 2017), 10-12 May 2017, Brighton, UK. Piscataway: IEEE [online], pages 103-108. Available from: https://doi.org/10.1109/RCIS.2017.7956524

The term System of Systems (SoS) is often used to classify an arrangement of independent and interdependent systems delivering unique capabilities. There appear to be many examples of SoSs, but the term has become a source of confusion. While many ap...

System design considerations for risk perception. (2017)
Conference Proceeding
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2017. System design considerations for risk perception. In Assar, S., Pastor, O. and Mouratidis, H. (eds.) Proceedings of the 11th IEEE international conference on research challenges in information science (RCIS 2017), 10-12 May 2017, Brighton, UK. Piscataway: IEEE [online], pages 322-327. Available from: https://doi.org/10.1109/RCIS.2017.7956554

The perception of risk is a driver for security analysts' decision making. However, security analysts may have conflicting views of a risk based on personal, system and environmental factors. This difference in perception and opinion, may impact effe...

Proceedings of the 3rd IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2016). (2016)
Conference Proceeding
BECKERS, K., FAILY, S., LEE, S.-W. and MEAD, N. (eds.) 2016. Proceedings of the 3rd IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2016), co-located with the 24th IEEE international requirements engineering conference (RE 2016), 12 September 2016, Beijing, China. In Proceedings of the 2016 IEEE 24th international requirements engineering conference workshops. Los Alamitos: IEEE Computer Society [online], pages 53-91. Available from: https://ieeexplore.ieee.org/xpl/conhome/7801359/proceeding

ESPRE 2016 was a multi-disciplinary, one-day workshop, co-located with the RE'16 conference. The ESPRE workshop series brings together practitioners and researchers interested in security and privacy requirements. This workshop probed the interfaces...

MARAM: tool support for mobile app review management. (2016)
Conference Proceeding
IACOB, C., FAILY, S. and HARRISON, R. 2016. MARAM: tool support for mobile app review management. In Kawsar, F., Zhang, P. and Musolesi, M. (eds.) Proceedings of the 8th International conference on mobile computing, applications and services (MobiCase 2016), 30 November - 1 December 2016, Cambridge, UK. Brussels: Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering (ICST), pages 42-50.

Mobile apps today have millions of user reviews available online. Such reviews cover a large broad of themes and are usually expressed in an informal language. They provide valuable information to developers, such as feature requests, bug reports, an...

The application of useless Japanese inventions for requirements elicitation in information security. (2016)
Conference Proceeding
PARTRIDGE, A. and FAILY, S. 2016. The application of useless Japanese inventions for requirements elicitation in information security. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 102. Available from: https://doi.org/10.14236/ewic/HCI2016.102

Rules of requirements elicitation in security are broken through the use of Chindōgu, by designing impractical security countermeasures in the first instance, then using these to create usable security requirements. We present a process to conceive t...

Improving human-reviews interaction: a study of the role, use and place of online reviews. (2016)
Conference Proceeding
IACOB, C. and FAILY, S. 2016. Improving human-reviews interaction: a study of the role, use and place of online reviews. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 21. Available from: https://doi.org/10.14236/ewic/HCI2016.21

The use and benefits of online reviews are undeniable, yet the interaction means available for buyers when consulting reviews remain limited. This study aims to provide a better understanding of the role and use of online reviews, presenting a set of...

Ethical hazards and safeguards in penetration testing. (2016)
Conference Proceeding
FAILY, S., IACOB, C. and FIELD, S. 2016. Ethical hazards and safeguards in penetration testing. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 83. Available from: https://doi.org/10.14236/ewic/HCI2016.83

Penetration testing entails attacking a system to identify and report insecurity, but doing so without harming the system nor encroaching on the dignity of those affected by it. To improve the interaction between penetration testers and their process...

Persona-driven information security awareness. (2016)
Conference Proceeding
KI-ARIES, D., FAILY, S. and BECKERS, K. 2016. Persona-driven information security awareness. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 97. Available from: https://doi.org/10.14236/ewic/HCI2016.97

Because human factors are a root cause of security breaches in many organisations, security awareness activities are often used to address problematic behaviours and improve security culture. Previous work has found that personas are useful for ident...

Human-centered specification exemplars for critical infrastructure environments. (2016)
Conference Proceeding
FAILY, S., LYKOU, G., PARTRIDGE, A., GRITZALIS, D., MYLONAS, A. and KATOS, V. 2016. Human-centered specification exemplars for critical infrastructure environments. In Proceedings of the 30th International BCS human computer interaction conference (HCI 2016): fusion, 11-15 July 2016, Poole, UK. Swindon: BCS [online], article number 93. Available from: https://doi.org/10.14236/ewic/HCI2016.93

Specification models of critical infrastructure focus on parts of a larger environment. However, to consider the security of critical infrastructure systems, we need approaches for modelling the sum of these parts; these include people and activities...

Water, water, every where: nuances for a water industry critical infrastructure specification exemplar. (2016)
Conference Proceeding
FAILY, S., STERGIOPOULOS, G., KATOS, V. and GRITZALIS, D. 2016. Water, water, every where: nuances for a water industry critical infrastructure specification exemplar. In Rome, E., Theocharidou, M. and Wolthusen, S. (eds.) Critical information infrastructures security: revised selected papers from the proceedings of the 10th International conference on critical information infrastructures security (CRITIS 2015), 5-7 October 2015, Berlin, Germany. Lecture notes in computer science, 9578. Cham: Springer [online], pages 243-246. Available from: https://doi.org/10.1007/978-3-319-33331-1_20

The water infrastructure is critical to human life, but little attention has been paid to the nuances of the water industry. Without such attention, evaluating security innovation in this domain without compromising the productivity goals when delive...

Ethical dilemmas and dimensions in penetration testing. (2015)
Conference Proceeding
FAILY, S., MCALANEY, J. and IACOB, C. 2015. Ethical dilemmas and dimensions in penetration testing. In Furnell, S.M. and Clarke, N.L. (eds.) Proceedings of the 9th International symposium on human aspects of information security and assurance (HAISA 2015), 1-3 July 2015, Mytilene, Greece. Plymouth: Plymouth University, pages 233-242.

Penetration testers are required to attack systems to evaluate their security, but without engaging in unethical behaviour while doing so. Despite work on hacker values and studies into security practice, there is little literature devoted to the eth...

Usability and security by design: a case study in research and development. (2015)
Conference Proceeding
FAILY, S., LYLE, J., FLÉCHAIS, I. and SIMPSON, A. 2015. Usability and security by design: a case study in research and development. In Proceedings of the 2015 Workshop on useable security (USEC 2015), co-located with the 2015 Network and distributed system security symposium (NDSS 2015), 8 February 2015, San Diego, USA. Reston: Internet Society [online]. Available from: https://doi.org/10.14722/usec.2015.23012

There is ongoing interest in utilising user experiences associated with security and privacy to better inform system design and development. However, there are few studies demonstrating how, together, security and usability design techniques can help...

Digital rights management: the four perspectives of developers, distributors, users and lawyers. (2015)
Conference Proceeding
MCDONALD, N., FAILY, S., FAVALE, M. and GATZIDIS, C. 2015. Digital rights management: the four perspectives of developers, distributors, users and lawyers. In Furnell, S.M. and Clarke, N.L. (eds.) Proceedings of the 9th International symposium on human aspects of information security and assurance (HAISA 2015), 1-3 July 2015, Mytilene, Greece. Plymouth: Plymouth University, pages 276-285.

Digital Rights Management (DRM) refers to a collection of security mechanisms that are widely deployed on a number of copyright-protected digital assets. However, despite the existence of a number of studies of the technical architectures of rights m...

Mitigating circumstances in cybercrime: a position paper. (2015)
Conference Proceeding
ALI, R., MCALANEY, J., FAILY, S., PHALP, K. and KATOS, V. 2015. Mitigating circumstances in cybercrime: a position paper. In Wu, Y., Min, G., Georgalas, N., Hu, J., Atzori, L., Jin, X., Jarvis, S., Liu, L. and Agüero Calvo, R. (eds.) CIT/IUCC/DASC/PICom 2015: proceedings of the 3rd International workshop on cybercrimes and emerging web environments (CEWE 2015), part of the 13th IEEE international conference on dependable, autonomic and secure computing (DASC 2015), co-located with the 15th IEEE international conference on computer and information technology (CIT 2015), the 14th IEEE international conference on ubiquitous computing and communications (IUCC 2015), and the 13th IEEE international conference on pervasive intelligence and computing (PICom 2015), 26-28 October 2015, Liverpool, UK. Los Alamitos: IEEE Computer Society [online], pages 1972-1976. Available from: https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.292

This paper argues the need for considering mitigating circumstances in cybercrime. Mitigating circumstances are conditions which moderate the culpability of an offender of a committed offence. Our argument is based on several observations. The cybers...

The social psychology of cybersecurity. (2015)
Conference Proceeding
MCALANEY, J., TAYLOR, J. and FAILY, S. 2015. The social psychology of cybersecurity. In Proceedings of the 1st International conference on cyber security for sustainable society, 26-27 February 2015, Coventry, UK. Working papers of the SSN+, 3. London: Sustainable Society Network+, pages 686-689.

As the fields of HCI, cybersecurity and psychology continue to grow and diversify, there is greater overlap between these areas and new opportunities for interdisciplinary collaboration. This paper argues for a focus specifically on the role of socia...

Engaging stakeholders in security design: an assumption-driven approach. (2014)
Conference Proceeding
FAILY, S. 2014. Engaging stakeholders in security design: an assumption-driven approach. In Clarke, N.L. and Furnell, S.M. (eds.) Proceedings of the 8th International symposium on human aspects of information security and assurance (HAISA 2014), 8-9 July 2014, Plymouth, UK. Plymouth: Plymouth University, pages 21-29.

System stakeholders fail to engage with security until comparatively late in the design and development process. User Experience artefacts like personas and scenarios create this engagement, but creating and contextualising them is difficult without...

Ethical hacking assessment as a vehicle for undergraduate cyber-security education. (2014)
Conference Proceeding
FAILY, S. 2014. Ethical hacking assessment as a vehicle for undergraduate cyber-security education. In Uhomoibhi, J.O., Linecar, P., Barikzai, S., Ross, M. and Staples, G. (eds.) Global issues in IT education: proceedings of the 19th International conference on software process improvement research, education and training (INSPIRE 2014), 15 April 2014, Southampton, UK. Southampton: Solent University, pages 79-90.

The need for cyber security professionals in the UK is growing, motivating the need to introduce cybersecurity at an earlier stage of an undergraduate's education. However, despite on-going interest in cybersecurity pedagogy, there has been comparati...

Eliciting and visualising trust expectations using persona trust characteristics and goal models. (2014)
Conference Proceeding
FAILY, S. and FLÉCHAIS, I. 2014. Eliciting and visualising trust expectations using persona trust characteristics and goal models. In Lanubile, F. and Ali, R. (eds.) Proceedings of the 6th International workshop on social software engineering (SSE 2014), 17 November 2014, Hong Kong, China. New York: ACM [online], pages 17-24. Available from: https://doi.org/10.1145/2661685.2661690

Developers and users rely on trust to simplify complexity when building and using software. Unfortunately, the invisibility of trust and the richness of a system's context of use means that factors influencing trust are difficult to see, and assessin...

Authorisation in context: incorporating context-sensitivity into an access control framework. (2014)
Conference Proceeding
FAILY, S., LYLE, J., FLÉCHAIS, I., ATZENI, A., CAMERONI, C., MYRHAUG, H., GÖKER, A. and KLEINFELD, R. 2014. Authorisation in context: incorporating context-sensitivity into an access control framework. In Proceedings of the 28th International BCS human computer interaction conference (HCI 2014): sand, sea and sky: holiday HCI, 9-12 September 2014, Southport, UK. Swindon: BCS, pages 189-194. Hosted on ScienceOpen [online]. Available from: https://doi.org/10.14236/ewic/hci2014.29

With sensitive information about ourselves now distributed across personal devices, people need to make access control decisions for different contexts of use. However, despite advances in improving the usability of access control for both developers...

Proceedings of the 1st IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2014). (2014)
Conference Proceeding
BECKERS, K., FAILY, S., LEE, S.-W. and MEAD, N. (eds.) 2014. Proceedings of the 1st IEEE international workshop on evolving security and privacy requirements engineering (ESPRE 2014), co-located with the 22nd IEEE international requirements engineering conference (RE 2014), 25 August 2014, Karlskrona, Sweden. Piscataway: IEEE [online]. Available from: https://ieeexplore.ieee.org/xpl/conhome/6883269/proceeding

The main focus of ESPRE is to bring together practitioners and researchers interested in security and privacy requirements. ESPRE probes the interfaces between requirements engineering, security and privacy, and takes the first step in evolving secur...